Using https://IPA/ipa/migration, users can migrate their password to their Kerberos principals successfully, a subsequent login to /ui gives them interface to change attrs to their account.
But if their LDAP password is shorter than the default policy of 8 letter (IPA migrate the password but set it as expired,) they have no chance to reset it to meet the policy through the UI. I had to help them login in with a ssh session to a IPA client machine to do this, although the majority of my users do not need the ability to have interactive ssh sessions. Is there a possibility to enable users to change or reset expired password in the UI? Thanks, Qing Chang _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
